An Approach to Detect and Prevent Cybercrime in Large Complex Networks

Andre Sorensen, Maxime Jerome Remy, Nicolaj Kjettrup, Rasmi Vlad Mahmoud, Jens Myrup Pedersen

2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) (2018)

Abstract
Recently, the Danish defense department announced that research institutions are prominent targets for cybercrime. To better protect these organizations, an approach to prevent and detect cybercrime in large complex computer networks is needed. This paper contributes a proof of concept of such an approach, based on a combination of Penetration test (Pen test) and Domain Name System (DNS) analysis. A Pen test is a method to assess a network's current security state by detecting vulnerabilities and misconfigurations before they are abused. DNS traffic analysis, on the other hand, can be used to detect ongoing cybercriminal or suspicious activities. The combination of the Pen test and DNS analysis can give an administrator a crucial overview of the vulnerabilities present in the system as well as the parts that are already compromised. The methods were tested on the network of Aalborg University, and they were both able to identify ongoing cybercrime or vulnerabilities. While the feasibility was demonstrated, further developments are needed before it can be implemented on a larger scale.
Keywords
Cybercrime, Detection, Prevention, Penetration Testing, DNS Analysis, Blacklist, Failed DNS Requests